[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso (@carnil) carnil at debian.org
Wed Nov 19 21:16:16 GMT 2025 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6717abb2 by Salvatore Bonaccorso at 2025-11-19T22:15:52+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,105 +1,105 @@
 CVE-2025-65103 (OpenSTAManager is an open source management software for technical ass ...)
-	TODO: check
+	NOT-FOR-US: OpenSTAManager
 CVE-2025-65100 (Isar is an integration system for automated root filesystem generation ...)
-	TODO: check
+	NOT-FOR-US: Isar
 CVE-2025-65099 (Claude Code is an agentic coding tool. Prior to version 1.0.39, when r ...)
-	TODO: check
+	NOT-FOR-US: Claude Code
 CVE-2025-65095 (Lookyloo is a web interface that allows users to capture a website pag ...)
-	TODO: check
+	NOT-FOR-US: Lookyloo
 CVE-2025-65094 (WBCE CMS is a content management system. Prior to version 1.6.4, a low ...)
-	TODO: check
+	NOT-FOR-US: WBCE CMS
 CVE-2025-65089 (XWiki Remote Macros provides XWiki rendering macros that are useful wh ...)
 	NOT-FOR-US: XWiki
 CVE-2025-65034 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65033 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65032 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65031 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65030 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65029 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65028 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65026 (esm.sh is a nobuild content delivery network(CDN) for modern web devel ...)
-	TODO: check
+	NOT-FOR-US: esm.sh
 CVE-2025-65025 (esm.sh is a nobuild content delivery network(CDN) for modern web devel ...)
-	TODO: check
+	NOT-FOR-US: esm.sh
 CVE-2025-65024 (i-Educar is free, fully online school management software. In versions ...)
-	TODO: check
+	NOT-FOR-US: i-Educar
 CVE-2025-65023 (i-Educar is free, fully online school management software. In versions ...)
-	TODO: check
+	NOT-FOR-US: i-Educar
 CVE-2025-65022 (i-Educar is free, fully online school management software. In versions ...)
-	TODO: check
+	NOT-FOR-US: i-Educar
 CVE-2025-65021 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65020 (Rallly is an open-source scheduling and collaboration tool. Prior to v ...)
-	TODO: check
+	NOT-FOR-US: Rallly
 CVE-2025-65019 (Astro is a web framework. Prior to version 5.15.9, when using Astro's  ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2025-64765 (Astro is a web framework. Prior to version 5.15.8, a mismatch exists b ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2025-64764 (Astro is a web framework. Prior to version 5.15.8, a reflected XSS vul ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2025-64759 (Homarr is an open-source dashboard. Prior to version 1.43.3, stored XS ...)
-	TODO: check
+	NOT-FOR-US: Homarr
 CVE-2025-64757 (Astro is a web framework. Prior to version 5.14.3, a vulnerability has ...)
-	TODO: check
+	NOT-FOR-US: Astro
 CVE-2025-64708 (authentik is an open-source Identity Provider. Prior to versions 2025. ...)
-	TODO: check
+	NOT-FOR-US: authentik
 CVE-2025-64521 (authentik is an open-source Identity Provider. Prior to versions 2025. ...)
-	TODO: check
+	NOT-FOR-US: authentik
 CVE-2025-64408 (Apache Causeway faces Java deserialization vulnerabilities that allow  ...)
 	TODO: check
 CVE-2025-63879 (A reflected cross-site scripted (XSS) vulnerability in the /ecommerce/ ...)
-	TODO: check
+	NOT-FOR-US: E-commerce Project
 CVE-2025-63878 (Github Restaurant Website Restoran v1.0 was discovered to contain a SQ ...)
-	TODO: check
+	NOT-FOR-US: Github Restaurant Website Restoran
 CVE-2025-63243 (A reflected cross-site scripting (XSS) vulnerability exists in the pas ...)
-	TODO: check
+	NOT-FOR-US: Pixeon WebLaudos
 CVE-2025-63224 (The Itel DAB Encoder (IDEnc build 25aec8d) is vulnerable to Authentica ...)
-	TODO: check
+	NOT-FOR-US: Itel DAB Encoder
 CVE-2025-63223 (The Axel Technology StreamerMAX MK II devices (firmware versions 0.8.5 ...)
-	TODO: check
+	NOT-FOR-US: Axel Technology StreamerMAX MK II device
 CVE-2025-63221 (The Axel Technology puma devices (firmware versions 0.8.5 to 1.0.3) ar ...)
-	TODO: check
+	NOT-FOR-US: Axel Technology puma devices
 CVE-2025-63220 (The Sound4 FIRST web-based management interface is vulnerable to Remot ...)
-	TODO: check
+	NOT-FOR-US: Sound4 FIRST
 CVE-2025-63219 (The ITEL ISO FM SFN Adapter (firmware ISO2 2.0.0.0, WebServer 2.0) is  ...)
-	TODO: check
+	NOT-FOR-US: ITEL ISO FM SFN Adapter
 CVE-2025-63218 (The Axel Technology WOLF1MS and WOLF2MS devices (firmware versions 0.8 ...)
-	TODO: check
+	NOT-FOR-US: Axel Technology WOLF1MS and WOLF2MS devices
 CVE-2025-63214 (An issue was discovered in bridgetech VBC Server & Element Manager, fi ...)
-	TODO: check
+	NOT-FOR-US: bridgetech
 CVE-2025-63213 (The QVidium Opera11 device (firmware version 2.9.0-Ax4x-opera11) is vu ...)
-	TODO: check
+	NOT-FOR-US: QVidium Opera11 device
 CVE-2025-63212 (GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including mode ...)
-	TODO: check
+	NOT-FOR-US: GatesAir Flexiva-LX devices
 CVE-2025-63211 (Stored cross-site scripting vulnerability in bridgetech VBC Server & E ...)
-	TODO: check
+	NOT-FOR-US: bridgetech
 CVE-2025-63210 (The Newtec Celox UHD (models: CELOXA504, CELOXA820) running firmware v ...)
-	TODO: check
+	NOT-FOR-US: Newtec Celox UHD
 CVE-2025-63209 (The ELCA Star Transmitter Remote Control firmware 1.25 for STAR150, BP ...)
-	TODO: check
+	NOT-FOR-US: ELCA Star Transmitter Remote Control firmware
 CVE-2025-63208 (An issue was discovered in bridgetech VB288 Objective QoE Content Extr ...)
-	TODO: check
+	NOT-FOR-US: bridgetech
 CVE-2025-63207 (The R.V.R Elettronica TEX product (firmware TEXL-000400, Web GUI TLAN- ...)
-	TODO: check
+	NOT-FOR-US: R.V.R Elettronica TEX product
 CVE-2025-63206 (An authentication bypass issue was discovered in Dasan Switch DS2924 w ...)
-	TODO: check
+	NOT-FOR-US: Dasan Switch DS2924
 CVE-2025-63205 (An issue was discovered in bridgetech probes VB220 IP Network Probe,VB ...)
-	TODO: check
+	NOT-FOR-US: bridgetech
 CVE-2025-58412 (A improper neutralization of script-related html tags in a web page (b ...)
 	NOT-FOR-US: Fortinet
 CVE-2025-51663 (A vulnerability found in IPRateLimit implementation of FileCodeBox up  ...)
-	TODO: check
+	NOT-FOR-US: FileCodeBox
 CVE-2025-51662 (A stored cross-site scripting (XSS) vulnerability is found in the text ...)
-	TODO: check
+	NOT-FOR-US: FileCodeBox
 CVE-2025-51661 (A path Traversal vulnerability found in FileCodeBox v2.2 and earlier a ...)
-	TODO: check
+	NOT-FOR-US: FileCodeBox
 CVE-2025-36371 (IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 are impacted by obtaining an informa ...)
 	NOT-FOR-US: IBM
 CVE-2025-34337 (eGovFramework/egovframe-common-components versions up to and including ...)
@@ -107,21 +107,21 @@ CVE-2025-34337 (eGovFramework/egovframe-common-components versions up to and inc
 CVE-2025-34336 (eGovFramework/egovframe-common-components versions up to and including ...)
 	TODO: check
 CVE-2025-34335 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliance
 CVE-2025-34334 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-34333 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-34332 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-34331 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-34330 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-34329 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-34328 (AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to ...)
-	TODO: check
+	NOT-FOR-US: AudioCodes Fax Server and Auto-Attendant IVR appliances
 CVE-2025-13400 (A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the fu ...)
 	NOT-FOR-US: Tenda
 CVE-2025-13397 (A security vulnerability has been detected in mrubyc up to 3.4. This i ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6717abb23238dba2d106e2ba7ce3e172a23a0b3f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6717abb23238dba2d106e2ba7ce3e172a23a0b3f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20251119/064236a0/attachment.htm>

More information about the debian-security-tracker-commits mailing list